Millions of organisations lose hundreds of billions of dollars a year to cybercrime and malware attacks. As we face a global malware epidemic, the security industry struggles to keep pace as it tries, unsuccessfully, to extend reactive, signature-based solutions.
A UK report published by Detica looked into the global scale of cybercrime, which represents substantial losses to commerce and industry. A conservative view by M86 projects the worldwide cost to be at least US$100 billion per annum. Economic costs are estimated to have grown approximately 376% since 2007, a much higher rate than the estimated 41% increase in IT security expenditure over the same period.
The primary attack vector for cybercrime and malware in general is now the web. The majority of attacks (92%) occur when users access the Internet through a web browser. In fact, of all infected websites, 84% are legitimate sites that users would typically be allowed to access. The web is impossible to turn off; more than 80% of network traffic is now Internet traffic, and it is growing with the popularity of cloud computing and web applications. The malware deployed today is more dynamic and targeted than ever before.
The explosive growth of cybercrime is being driven by the ease and impunity with which it is perpetrated, especially in comparison with other forms of crime. Easy to acquire and execute, exploit kits are cybercriminals’ ‘command and control’ centres for creating, launching and monitoring cyber-attacks. And as they start to embrace cloud computing, the barrier to entry is getting lower all the time.
With the rapidly increasing adoption of cloud computing, organisations need to protect themselves against current and future Internet threats. Channel partners should be looking for security vendors who can provide them with a compelling opportunity to grow their business by offering a competitive cloud-based web security solution which allows organisations to protect and control roaming users’ web access.
We all receive a constant stream of security updates from popular applications, including Adobe, Internet Explorer and Java installations, as vendors seek to patch exploited vulnerabilities. These frequent updates present challenges for organisations when it comes to change control processes and standard desktop builds. In the second half of 2010, M86 Security Labs observed that all of the top 15 most-used vulnerabilities in cyber-attacks had previously been patched by the application vendor. This tells us that the IT industry and users are not doing enough to keep applications up to date.
What is the IT security industry’s response? Organisations should use a firewall and an up-to-date anti-virus scanner, as well as buy insurance.
Firewalls are based on a 2,000-year-old security premise of keeping all your valuables safe by surrounding your castle or fortress with walls or moats. In IT terms, their purpose is to keep valuable data safe within the corporate network boundaries. However, this is at odds with the growth in corporate data that resides outside the traditional network perimeter, as is the case with cloud computing.
Anti-virus scanners have been around for more than 20 years, and many studies show that malware catch rates are now below 50%. Even senior executives in the security industry admit that the effectiveness of many security solutions is reversing.
Secure web gateways
Using a secure web gateway (SWG) as part of your network protection is now crucial. Security vendors should be providing their channel partners with a product that offers customers a flexible, easy-to-use solution to protect against malware threats.
However, the SWG needs to provide more than the traditional reactive security controls like anti-virus scanning and reputation and URL filtering, all of which rely on a database that must be updated before it can protect you. With reactive security controls, you gamble that your security vendor will find the attack before your users do. Proactive security controls that are able to detect completely new and targeted attacks without having already seen the attack are critical for providing protection from modern cybercrime. Technology solutions built around real-time code analysis lead the field in protecting against this increasing and sophisticated threat landscape.
Recent attacks on a number of UK banks using the Zeus v3 Trojan, and revelations that at least one large bank was the victim of Chinese hackers (Project Aurora), highlight how cybercriminals are targeting the global financial services industry as a lucrative source of income.